README.md

Derby.js Authentication

Please use the example directory as boilerplate for setting up your own project, but the basics are outlined here.

Step 1

###Setup a hash of strategies you'll use - strategy objects and their configurationsNote, API keys should be stored as environment variables (eg, process.env.FACEBOOK_KEY) or you can use nconf to storethem in config.json, which we're doing here###auth =require("derby-auth")
strategies =facebook:strategy:require("passport-facebook").Strategy
conf:clientID: conf.get('fb:appId')
clientSecret: conf.get('fb:appSecret')

Step 1.5

###Optional parameters passed into auth.middleware(). Most of these will get sane defaults, so it's not entirely necessaryto pass in this object - but I want to show you here to give you a feel. @see derby-auth/middeware.coffee for options###options =passport:failureRedirect:'/'successRedirect:'/'site:domain:'http://localhost:3000'name:'My Site'email:'admin@mysite.com'smtp:service:'Gmail'user:'admin@mysite.com'pass:'abc'

Step 2

###Initialize the store. This will add utility accessControl functions (see store.coffee for more details), as wellas the basic specific accessControl for the `auth` collection, which you can use as boilerplate for your own `users`collection or what have you. The reason we need `mongo` & `strategies` is to run db.ensureIndexes() on first run,and we may need in the future to access sensitive auth properties due to missing mongo projections featurein Racer 0.5 (@see http://goo.gl/mloKO)###
auth.store(store, mongo, strategies)

...# derbyAuth.middleware is inserted after modelMiddleware and before the app router to pass server accessible data to a model# Pass in {store} (sets up accessControl & queries), {strategies} (see above), and options
.use(auth.middleware(strategies, options))
...

Step 4 (optional, recommended)

If you want drop-in Login and Register forms, including form validation, use the <derby-auth:login /> and <derby-auth:register />components. To enable these, you'll need this in your /src/app/index.coffee file:

app.use require("derby-auth/components/index.coffee")

NOTE: the components require jQuery in your app (window.$ must exist). See example/server/index.coffee's store.on('bundle') for an example.

See the example for more details, as well as login / registration forms, sign-in buttons, etc.

Why not EveryAuth?

This project was originally implemented with Everyauth (see branch), but had some issues:

Every provider had to be implemented individually in code. Passport has an abstraction layer, which is what allows us to pass in Strategy + conf objects in server/index.js for every provider we want enabled.

The derby-examples/auth folder, written by the creators of Derby, uses Everyauth - so if you can't get derby-auth working, you may want to give that a shot. Note, it doesn't yet implement username / password authentication.